hands-on lab

Associating AWS IAM Roles with Amazon EKS Service Accounts

Difficulty: Beginner
Duration: Up to 1 hour and 25 minutes
Students: 1,238
Rating: 4.6/5

Description

Amazon Elastic Kubernetes Service (EKS) is a service from Amazon that hosts a Kubernetes cluster in the AWS cloud. It's common for applications hosted in a Kubernetes cluster to require access to cloud resources outside of the cluster.

Amazon EKS supports using OpenID Connect (OIDC) to associate an AWS IAM role with a Kubernetes Service Account. This association allows you to securely grant access to cloud resources and manage these credentials.

In this hands-on laboratory, you will deploy an application that uses AWS cloud resources and observe it fail because it does not have access. You will create a Service Account and configure it to be associated with an AWS IAM role. You will then configure the application to use the Service Account and observe it successfully accessing a cloud resource.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Inspect AWS IAM roles and Kubernetes Service Accounts
  • Create a new Service Account
  • Associate a Service Account with a Deployment and AWS IAM role

Intended Audience

  • Cloud Architects
  • DevOps Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • The kubectl utility
  • The Bash Shell
  • AWS IAM roles, policies, trust relationships, and federation

Updates

October 11th, 2024 - Updated Kubernetes version

December 5th, 2023 - Updated Kubernetes version

February 28th, 2023 - Updated to Kubernetes 1.24

Lab steps

  • Logging In to the Amazon Web Services Console
  • Connecting to the Virtual Machine using EC2 Instance Connect
  • Reviewing Amazon EKS Resources Automatically Created
  • Installing Kubernetes Management Tools and Utilities
  • Associating IAM Roles with Kubernetes Service Accounts in Amazon EKS